@cresdamo109 said in Outbound Spam Filtering: I need to filter outbound emails for spam/malware before they're sent to protect our domain reputation and meet compliance requirements. Can you elaborate further on this? On Cloudron, emails are only sent by users or the apps. AFAIK, none of the apps generate spam. Are your users intentionally sending out spam?

My balls are tiny. What he wants... [image: 1769875416129-yugegif.gif]

@girish automatic schema validation by the IDE

@7dowWilkes sorry for answering that late. You need to have app that serves the file at the expected URL. You need to set up surfer app (this is the webserver you are looking for) at mta-sts.YOURDOMAIN.TLD (YOURDOMAIN= is your domain... TLD=Top Level Domain e.g. .com, .org...) inside surfer app you need to create .well-known folder inside folder public and then place the mta-sts file as described earlier there... I hope this clarifies it for you ...and yes it is still working. @james I think it would be awesome to somehow implement it into cloudron for the ease of use mail setup. As long as it is not implemented maybe a notice in the mail section of cloudron might work.

After quite some time - almost two years - I would like to know if this improvement can be considered for some future release in 9.X ?

Ok for a start the wrong messaging in the invite email is gone for next release. The password reset expiration is unchanged. We will add some expiration for invite also just to avoid edge-cases here.

I agree. The same feature exists in Elestio which prevents accidental deletion and shutdown. [image: 1768337338130-c464088f-e61b-40c0-9300-9d10a2b23d01-image-resized.png]

I have added a disk cache now in local storage . Will show cached data if < 60 minutes old . There is anyways a refresh button to get the latest state.

@robi easier to just upload a folder

Does anyone know if Bitwarden Lite includes the secrets manager? That would be an argument.

Yes - you're right it's "storage". I have been meaning to try the rsync instead of zip, but it does warn that it's not a good idea for lots of files. I'll give it a try. Thanks!

@james I like your thinking. This might allow for better hardware utilization on smaller servers. @svtx I get that some TURN queries are legitimate. But I would think that a service utilizing TURN would broadcast this to others so that they can "connect". Since I am not broadcasting, I am not sure why people are probing for TURN connections. I guess I am jaded by the thousands of unauthorized SSH attempts I see on all my servers each day. So my bias has shifted from "trust, but verify" to "distrust and verify when someone complains".

We used to have that actually, but given that apps which use LDAP were affected by this, we lifted those. By now the situation has changed quite a bit with most apps now being on OpenID, we have to revisit this. Regarding the roadmap, we are looking into things for v9.1 and will open a thread here to discuss those items soon. We do take this forum section into account, which is why it exists, so if feature requests have some traction by the community, they are more likely to be picked. So bumping threads and revisiting discussions here is a crude but useful way to signal for us.

Thanks for the catch! This is fixed with https://git.cloudron.io/platform/box/-/commit/fc417022c97e21cb6abd1a632755557133c4c37e

This is how I use it currently, but I maintain the wireguard VPN myself, outside of cloudron, which is not the recommended way. I would LOVE for something like this to be available.

@charlesnw said in CIS Benchmark Compliance: Do you use hardened Docker base images? See the discussion here: https://forum.cloudron.io/topic/14762/docker-hardened-images In short: No, for good reasons (maintenance and standards)